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What is claimed is: 

1 . A secure data authentication apparatus to authenticate a software file, 
the software file having a first signature appended to the software file, for use on a 

5 computer system, the apparatus comprising: 

a secure processing device within the computer system to receive the 
software file and hash the software file to produce a first hash value; and 

a first key located within the secure processing device, wherein the secure 
processing device encrypts the first hash value with the first key to generate a 
10 second signature and compares the first signature with the second signature and if 
the first signature matches the second signature the computer system accepts the 
software file as being authenticated. 

2. The secure data authentication apparatus of claim 1 wherein the 
15 software file further comprises a first source signature appended to the software 

file, the apparatus further comprising: 

a source key located within the secure processing device, wherein the 
secure processing device encrypts the first hash value with the source key to 
generate a second source signature and compares the first source signature with 
20 the second source signature, and if the first source signature matches the second 
source signature the computer system accepts the software file as being 
authenticated from the source represented by the first source signature. 
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3. The secure data authentication apparatus of claim 1 wherein 
the software file further comprises a first owner signature appended to the software 
file, the apparatus further comprising: 

an owner key located within the secure processing device, wherein the 
5 secure processing device encrypts the first hash value with the owner key to 
generate a second owner signature and compares the first owner signature with the 
second owner signature, and if the first owner signature matches the second owner 
signature the computer system accepts the software file as being authenticated. 

10 4. The secure data authentication apparatus of claim 1, further 

comprising: 

a key exchange request having a first key exchange signature appended 
thereto, the key exchange request sent from the computer system to the secure 
processing device, wherein the secure processing device hashes the key exchange 
15 request to generate a second hash value; 

a first key exchange key located within the secure processing device, 
wherein the secure processing device encrypts the second hash value with the first 
key exchange key to generate a second key exchange signature and compares the 
first key exchange signature with the second key exchange signature, and if the 
20 first key exchange signature matches the second key exchange signature the 
secure processing device erases the first owner key; and 

a second owner key within the key exchange request, wherein the secure 
processing device saves the second owner key. 
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5. The secure data authentication apparatus of claim 4, wherein the 
computer system further comprises a first feature file and the computer system 
performs in accordance with the first feature file, the apparatus further comprising: 

a second feature file having a third owner signature appended thereto, 
wherein the secure processing device hashes the second feature file to generate a 
third hash value which is encrypted with the second owner key to generate a fourth 
owner signature and compares the third owner signature with the fourth owner 
signature and if the third owner signature matches the fourth owner signature the 
computer system replaces the first feature file with the second feature file. 

6. The secure data authentication apparatus of claim 1, wherein the 
program comprises a feature file having a plurality of features wherein a subset of 
the plurality of features are activated and the computer system operates in 
accordance with the subset of the plurality of features. 

7. A secure data authentication apparatus to authenticate an owner of a 
software file and of a telephony switching system on which the software file is 
stored, the apparatus comprising: 

a first feature file and a software file, the first feature file having a plurality of 
features and a first owner signature appended thereto, wherein a first subset of the 
plurality of features is activated; 

a secure microprocessor within the telephony switching system, the secure 
microprocessor having an encryption algorithm, wherein the secure microprocessor 
hashes the first feature file to generate a first hash value; and 
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a first owner key with in the secure microprocessor, wherein the secure 
microprocessor encrypts the first hash value with the first owner key to generate a 
second owner signature and the secure microprocessor compares the first owner 
signature with the second owner signature and if the first owner signature matches 
the second owner signature the telephony switching system operates in 
accordance with the first subset of the plurality of features of the first feature file. 

8. The secure data authentication apparatus of claim 7, the apparatus 
further authenticating a source of the software file, the apparatus further 
comprising: 

a first source signature appended to the first feature file; and 
a source key located within the secure microprocessor, wherein the secure 
microprocessor encrypts the first hash value with the source key to generate a 
second source signature and the secure microprocessor compares the first source 
signature with the second source signature and if the first source signature matches 
the second source signature the telephony switching system operates in 
accordance with the first subset of the plurality of features of the first feature file. 

9. The secure data authentication apparatus of claim 7, further 
comprising: 

a second feature file having a second subset of the plurality of features 
activated, the second feature file having a third owner signature appended thereto; 
wherein the secure microprocessor receives the second feature file and hashes the 
second feature file to generate a second hash value and encrypts the second hash 
value with the first owner key to generate a fourth owner signature and the secure 
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microprocessor compares the third owner signature with the fourth owner signature 
and if the third owner signature matches the fourth owner signature the second 
feature file is written over the first feature file. 

10. A method for authenticating an owner of a software file having a first 
identification means attached thereto for use on a computer system, the computer 
system comprising a secure processing means having an encryption algorithm and 
a key, the method comprising: 

initiating the computer system; 

hashing the software file within the secure processing means to generate a 
first hash value; 

encrypting the first hash value with the key to generate a second 
identification means; and 

comparing the first identification means with the second identification means 
and if the first identification means matches the second identification means the 
computer system accepts the software file as being authenticated for the owners 
use. 

11. A method for authenticating an owner of a software file having a first 
owner signature appended to the software file, for use on a computer system 
having a secure processing device to generate an authorization signal, the secure 
processing device comprising a security routine, an encryption algorithm and a first 
owner key, the process comprising: 

receiving the software file by the computer system and sending the software 
file to the secure processing device; 
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hashing the software file to generate a first hash value; 

encrypting the first hash value within the secure processing device with the 
first owner key to generate a second owner signature; and 

comparing the first owner signature to the second owner signature, wherein 
if the first owner signature and the second owner signature match the secure 
processing device generates the authorization signal. 

12. The method for authenticating an owner of the software file of claim 
11, wherein the software file further comprises a first source signature appended 
thereto and the secure processing device further comprising a source key; the 
method further authenticating a source of the software file, the method comprising: 

encrypting the first hash value within the secure processing device with the 
source key to generate a second source signature; and 

comparing the first source signature to the second source signature, wherein 
if the first source signature and the second source signature match the secure 
processing device generates the authorization signal. 

13. The method for authenticating an owner of the software file of claim 
11, wherein the secure processing device further comprises a first key exchange 
key, the method further comprising: 

receiving a key exchange request by the secure processing device, the key 
exchange request including an encrypted second owner key and having a first key 
exchange signature appended thereto; 

hashing the key exchange request to generate a second hash value; 
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encrypting the second hash value with the first key exchange key to 
generate a second key exchange signature; and 

comparing the first key exchange signature with the second key exchange 
signature, wherein if the first key exchange signature and the second key exchange 
5 signature match, the secure processing device decrypts the second owner key and 
replaces the first owner key with the decrypted second owner key. 



14. The method for authenticating an owner of a software file of claim 13, 
wherein the key exchange request further comprises an encrypted second key 
M= io exchange key, the authenticating method further comprising: 

decrypting the encrypted second key exchange key with the first key 
it exchange key; and 

replacing the first key exchange key located within the secure processing 

s 

M device with the decrypted second key exchange key. 

ril 

fU 15 

Q 15. The method for authenticating a source and an owner of a software 

file of claim 13, wherein the computer system further comprises a first feature file 
having a first plurality of features wherein a first subset of the first plurality of 
features is activated and the computer system performs in accordance with the first 
20 subset of the first plurality of features, the method further comprising: 

receiving a second feature file having a third owner signature appended 
thereto, the second feature file comprising a second plurality of features wherein a 
second subset of the second plurality of features is activated; 

hashing the second feature file within the secure processing device to 
25 generate a third hash value; 
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encrypting the third hashed file with the second decrypted owner key within 
the secure processing device to generate a fourth owner signature; and 

comparing the third owner signature with the fourth owner signature, wherein 
if the third owner signature matches the fourth owner signature the computer 
5 system overwrites the first feature file with the second feature file and the computer 
system performs in accordance with the second subset of the second plurality of 
features. 

16. A method for authenticating a source of a software file having a first 

M; 10 source signature appended to the software file, for use on a computer system 

D 

having a secure processing device to generate an authorization signal, the secure 

= u 

S processing device comprising a security routine, an encryption algorithm and a first 

2 source key, the process comprising: 

M receiving the software file by the computer system and sending the software 

ru 

rli 15 file to the secure processing device; 

O hashing the software file to generate a first hash value; 

encrypting the first hash value within the secure processing device with the 
first source key to generate a second source signature; and 

comparing the first source signature to the second source signature, wherein 
20 if the first source signature and the second source signature match the secure 
processing device generates the authorization signal. 

1 7. The method for authenticating the source of the software file of claim 
11, wherein the software file further comprises a first owner signature appended 
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thereto and the secure processing device further comprising a owner key; the 
method further authenticating a owner of the software file, the method comprising: 

encrypting the first hash value within the secure processing device with the 
owner key to generate a second owner signature; and 

comparing the first owner signature to the second owner signature, wherein 
if the first owner signature and the second owner signature match the secure 
processing device generates the authorization signal. 

18. A method for authenticating a software file from a PBX manufacturer, 
the software file comprising a feature file having a plurality of features wherein a 
subset of the plurality of features are activated, the software file operating on a 
PBX, the PBX comprising a secure microprocessor having an encryption algorithm 
and a first key, the method comprising: 

hashing the feature file at the PBX manufacturer to generate a first hash 

value; 

encrypting the first hash value with a second key to generate a first 
signature; 

appending the first signature to the feature file; 

receiving the feature file and appended first signature by the secure 
microprocessor; 

hashing the received feature file within the secure microprocessor to 
generate a second hash value; 

encrypting the second hash value with the first key to generate a second 
signature; and 
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comparing the first signature with the second signature and if the first 
signature matches the second signature the PBX accepts the software file as being 
authenticated. 
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